Ubuntu – Dropbox has just force-halted syncing, probably because I am using standard 16.04 drive encryption. How might I address this?

16.04dropboxecryptfs

The Dropbox client 2.10.0 (https://linux.dropbox.com/packages/ubuntu/dropbox_2.10.0_amd64.deb) has just presented me with the following message:

(The "See requirements" button links here which is of no help).

I am running Ubuntu 16.04 LTS with standard drive encryption. My filesystem is like this:

What can I do to get this working again?

I hate to be one of those posters, but this is urgent for me and I need a solution quick and I am dealing with a lot of computers that need to be in sync for machine learning purposes. I would supremely appreciate guidance.

please note

My problem is different to the one discussed here because I need an immediate solution that can be applied across multiple computers. I can look into the move to LUKS later. A solution is needed now.

Best Answer

There are many solutions to this problem. The right solution will depend on your requirements. I will list all the solutions I can think of. I use Home to mean /home/$USER, and /home to mean the home folder or partition.

None of these solutions are simple or easy to implement quickly on multiple computers.

BACKUP! BACKUP!! BACKUP!!! The steps described below are very very risky. It is likely that you will lose all the data, or your Ubuntu installation will become unbootable.

Remove Home folder encryption once and for all

Needless to say, this is not as secure as an encrypted Home folder.

The details of how to do this is in How to stop using built-in home directory encryption?

Move Dropbox outside the encrypted Home

This is probably the least disruptive and keeps all files and folders other than Dropbox encrypted.

Assuming your /home folder/partition is on an Ext4 filesystem you can simply create a new folder outside of your home directory (e.g. `/home/$USER.dropbox) and tell Dropbox to move itself to this folder.

sudo mkdir -m 700 /home/$USER.dropbox
sudo chown $USER:$USER /home/$USER.dropbox

This will create the folder and give you the ownership.

The best way to move Dropbox is through Dropbox preference

Click the Dropbox icon in the top panel, click the Settings icon, and then choose Preferences.

enter image description here

In the Dropbox Preferences window, switch to the Sync tab. Next to the Dropbox folder location, click Move.

enter image description here

Browse for the /home/$USER.dropbox folder and click OK. The Dropbox folder will be created inside /home/$USER.dropbox.

The folder structure used here takes into account that there may be multiple user accounts in the same computer who use Dropbox. The nested folder structure also meets the condition that the Dropbox folder must be at least two layer deep from the base partition.

Create an encrypted /home partition in ext4 format to replace encrypted Home folder

This solution has its own downside. For example, one has to enter a passphrase when the computers boot.

If your computers have only one partition / (plus the swap), as is the case with most Ubuntu installation. There is no easy way to LUKS encrypt this single partition installation of Ubuntu. If you want to keep the single partition setup, you may want to backup your data and reinstall Ubuntu. While installing, select the full disk encryption option.

Step 1: Create a new partition for /home

Step 1.1: Boot from live CD/USB

Use the try Ubuntu without installing option.

Step 1.2: Identify the disks

Open Gparted. I prefer Gparted because it is visual and let me "see" the drives and partitions. Click on the top right drop down and see the list of drives. Go through the list and identify the drives you want to work with, by their size and partition structure. You want to identify the / partition in your internal hard drive you want to shrink.

enter image description here

Step 1.3: Shrink

Make sure you have selected the internal disk.

Select the / partition you want to shrink.

Drag the right edge of the partition leftward to resize/move to make room for the new /home partition. Create as much room as you want your new /home partition to be.

Press the "Apply" button in Gparted and wait.

If all goes well go to the next step. If you get an error, stop!

enter image description here

Step 1.4 Create New partition

Right click on the unallocated space you created and select new. You will see the "Create New Partition" window. Make sure the file system says "ext4" and you can keep the rest as is.

enter image description here

Press the "Apply" button in Gparted and wait.

If all goes well go to the next step. If you get an error, stop!

Step 1.5 Reboot computer to internal hard disk

Step 2: Encrypt the new partition

Step 2.1 Find the identifying information about the new partition

Open a terminal by pressing Ctrl+Alt+T and enter:

sudo blkid

You will be prompted for your password. When you type the password nothing will show on the terminal. This is normal.

Copy and paste the output in a text file. Note the UUID as well as the partition name like /dev/nvme0pX, where X is a number for the new partition.

Step 2.2 LUKS encrypt!

sudo cryptsetup -h sha256 -c aes-xts-plain64 -s 512 luksFormat /dev/nvme0pX

You will be prompted to enter a passphrase. This is passphrase will be needed every time you boot the computer to unlock the /home partition. Do not leave it blank.

The next two commands open the encrypted partition and format it to make it ready for data storage.

sudo cryptsetup luksOpen /dev/nvme0pX home
sudo mkfs.ext4 -m 0 /dev/mapper/home

Step 3 Temporarily mount and copy contents of /home

Create a new folder to make it the temporary mount point of the encrypted partition

sudo mkdir /newhome

Mount the encrypted partition to newhome

sudo mount /dev/mapper/home /newhome

Make sure your "Home" folder is accessible. If you have multiple users with encrypted home folders for each of them, make sure the "Home" folders are accessible.

Copy original home to newhome

sudo cp -a /home/* /newhome

Make sure all your files are copied to the newhome and you can see them.

Remove the bits of old encryption system copied in the newhome

sudo rm -rf /newhome/username/Private /newhome/username/.ecryptfs

where username is your username. If you have multiple users in this computer with encrypted "Home" folders, you will have to do this for all users.

Step 4: Setup your newhome as home

Edit the file /etc/crypttab

sudo nano /etc/crypttab

Add the line below making sure the UUID corresponds to /dev/nvme0pX:

home UUID=AAA-BBB-CCC-DDDD-EEEEEEEE none luks,timeout=30

Press Ctrl+X followd by Y and Enter to save and exit nano.

Edit /etc/fstab with nano

sudo nano /etc/fstab

and add the following line:

/dev/mapper/home  /home ext4 nodev,nosuid,noatime        0       2

Press Ctrl+X followd by Y and Enter to save and exit nano.

Do not reboot your computer yet!

Step 5: Remove the old encrypted home and old encryption program

sudo rm -rf /home/*
sudo apt remove ecryptfs-utils libecryptfs1

Note the old /home folder should remain and be empty as this will be used as the mountpoint of the encrypted partition.

Step 6: Reboot

You will be prompted for your home partition passphrase before you can login.

Hope this helps

See Ecrypfts to LUKS on ext4 partition for more details of this solution.

Hope this helps

Related Question